Software and hardware vulnerabilities may pose a critical risk to environments and data of individuals and companies using computerized systems. Public exploits that may be utilized to take advantage of security vulnerabilities may be available for certain security vulnerabilities. Malware that facilitates taking advantage of security vulnerabilities may be available for certain security vulnerabilities.
Categorizing and mitigating the security risk can be a daunting task for any company. Attempts to categorize the severity of a vulnerability have been made. Once such attempt includes using a Common Vulnerability Scoring System (CVSS). The CVSS attempts to capture the principal characteristics of a vulnerability, and produces a numerical score reflecting its severity, as well as a textual representation of that score. The numerical score may be translated into a qualitative representation of the vulnerability severity, such as low, medium, high, and critical. The CVSS system, however, does not consider all information related to a particular vulnerability and thus, it is often unrefined.